General

  • Target

    2024-06-16_b4c48d8ba408e6bc045b64ed74f36f38_gandcrab

  • Size

    99KB

  • Sample

    240616-qz8gdavgkg

  • MD5

    b4c48d8ba408e6bc045b64ed74f36f38

  • SHA1

    904e52103cc4819b3e2ec6a72f8d20d6abe441c1

  • SHA256

    d71cb1a34c591e7e69015b55adbac69a85d91860c159107813f70f578dadb931

  • SHA512

    6135cef45c7b0b202e90ca87b31300f3c4348d25ae0bdda750410d9cea9c8b61561a8e9b8ea64b6df98847018d0ae85900fc852335f0870056d3a319e96e2f27

  • SSDEEP

    3072:qMSjOnrmBIMqqDL2/mr3IdE8we0Avu5r++ygLIaaypQ8CrS6:qXjOnr6jqqDL6aprYS6

Malware Config

Extracted

  • Family

    gandcrab

  • C2

    http://gdcbghvjyqy7jclk.onion.top/

Targets

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Detects ransomware indicator

    • Gandcrab Payload

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 2

Tasks